Webroot Software, Inc. - Comment

Suen

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

9 pages

English

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

A propos
Informations
Extrait

Description

Informations

Publié par	Suen
Nombre de lectures	14
Langue	English

Extrait

Monitoring Software on Your PC:
Spyware, Adware, and Other Software

Spyware Workshop
Comment P044509

Submitted to the Federal Trade Commission
by Webroot Software, Inc.

May 21, 2004

Webroot Software, Inc., was founded in 1997 to provide computer users with privacy,
protection and peace of mind. Today, Webroot provides solutions and services for millions of
users around the world, ranging from enterprises, Internet service providers, government
agencies and higher education institutions, to small businesses and individuals.

Among its award winning products is Spy Sweeper, winner of PC Magazine’s 2004 Editors’
Choice award. In the April 5 issue of Business Week, Stephen Wildstrom, author of the
“Technology and You” column also recommended Spy Sweeper, referring to Webroot as the
“established leader” in the market.

Webroot's world headquarters is located in Boulder, Colorado, with a European headquarters
in Frankfurt, Germany, and sales offices in Chicago, London, Amsterdam, and Paris. Webroot
products are sold online at www.webroot.com, and at leading retailers around the world,
including Best Buy, CompUSA, Circuit City, Fry's, Staples, MicroCenter and WalMart. In
addition, Webroot provides a full suite of privacy and security solutions designed to help ISPs
like EarthLink provide value-added products and services to their customers.
Every day, Webroot employees talk to computer users in the U.S. and Europe who are being
negatively impacted by spyware that has found its way onto their computers. Given this
expertise, Webroot provides the following answers to the questions included in the FTC’s
Federal Register notice.

Defining and Understanding Spyware

What types of software (particularly downloaded software) should be considered
“spyware”? How is adware different from spyware?

In 2003, Webroot helped to found the Consortium of Anti-Spyware Technology vendors
(COAST), a non-profit organization established to facilitate collaboration among spyware
detectors and increase awareness of the growing spyware problem.

COAST defines spyware as: Any software program that aids in gathering information about a
person or organization without their knowledge, and can relay this information back to an
unauthorized third party.

1“Without your knowledge” and “to an unauthorized third party” are key components of this
definition. The workshop was very appropriately titled: “Computer Monitoring Software on Your
PC: Spyware, Adware, and Other Software.” From a pure technology point of view, there is
little difference between computer monitoring programs that serve legitimate purposes and
those that put your privacy and personal information at serious risk. For example, a keylogger
program like ChildSafe, a Webroot product, provides parents with the ability to monitor their
childrens’ online activities by tracking what the child types on the keyboard or views on the
screen. A functionally similar keylogger program installed without permission by JuJu Jioang on
computers in at least 15 Kinko’s stores provided him with personal information about over 400
people, which he used to open back accounts and commit other illegal activities.

Thus, there is not a technological definition for spyware. The definition is contextual – how the
program came to reside on your computer is a threshold question to defining it as spyware.
Under this definition, there are several kinds of programs that can be considered spyware.

The four most common forms of spyware are:
• Back Door Trojans -- malicious programs that appear as harmless or desirable programs.
Back Door Trojans deploy remote access tools, allowing hackers to gain unrestricted
access to a user’s computer. Trojans can be deployed as email attachments, or bundled
with another software program.
• Keyloggers -- programs that can monitor and record the user’s every keystroke. gers can be used to gather sensitive data such as username and password,
private communications, credit card numbers, etc.
• System Monitors -- applications designed to monitor computer activity. These programs
can capture everything that is done on a computer. Information can be received by a
third-party, through remote access, or scheduled emails.
• Adware -- advertising supported software that displays some form of advertisements
whenever the program is running. Once installed, these programs can download and
install new software and data files – advertisements, etc. – based on user activities such
as websites visited. An adware program should be considered spyware when it was
installed without informed consent and sends information to unauthorized parties.
Distribution of Spyware

How is spyware distributed? What role does peer-to-peer file-sharing play in the
distribution of spyware?
Spyware may arrive bundled with freeware or shareware, through peer-to-peer downloads,
attached to or embedded in email or instant messenger communications, as an ActiveX
installation, or it may be placed on your computer accidentally or deliberately by someone with
access to it. Peer-to-peer file sharing is another way that spyware can be distributed; however,
like the other distribution means (email and web-browsing) peer-to-peer file sharing has many
other legitimate uses beyond distributing spyware. The many ways that spyware can be
distributed, contribute to the dramatic rise in spyware over recent years.
2EarthLink and Webroot Software collaborated in the first quarter of 2004 to offer a free
SpyAudit. On April 15, 2004 the companies jointly released the findings for January 1, 2004
through March 31, 2004. During that timeframe, 1,062,756 spyware scans were run,
identifying a total of 29,540,618 instances of spyware, meaning roughly 28 instances of
spyware per PC. Of particular concern, were the large number of System Monitors and Trojans
found which accounted for 369,478 of all the spyware instances found.

To what extent is spyware bundled with other software, especially freeware? Do
consumers know that spyware is being placed on their personal computers?

Bundling spyware with freeware is one way that spyware distributors are able to legitimize the
download. Some argue that spyware is installed with the user’s knowledge (although often the
user may not understand exactly what s/he has done). Most of the time it is installed
surreptitiously as part of another program installation. Even if the bundling of software and
information tracking practices are disclosed to the consumer through the End User License
Agreement (EULA), such disclosures are rarely clear and conspicuous. Even when they exist,
notices often fail to provide users with a real understanding of what information will be
collected, who is collecting it and how they plan to use the information collected.

How does spyware operate once it has been placed on a personal computer?

Because spyware comes in many different forms, there are numerous ways it can behave once
installed on a computer. A few of the more egregious behaviors are:
Home Page Hijacking – a user’s homepage is continually reset without their permission.
If the user attempts to change their homepage back, the spyware will simply hijack it
again.

Search Page Hijacking – Internet Explorer uses internal search methods that can be
hijacked, redirecting a user’s searches to paid advertising results pages.

Host File Hijacking – Websites can be redirected to hijacked sites (for instance a user
will type www.google.com and instead be taken to a completely different site).
Sometimes host file hijack sites are designed to look like the authentic site, but are
populated with paid advertising information.

Re-Infection of the above – If spyware is removed and the spyware has added a run key
to the users system, the computer is reinfected when the user reboots the system.

Does spyware affect the functioning of personal computers?

In many cases, spyware can have a serious negative affect on system performance of your PC.
Any program on your system is already using system resources, bandwidth and memory. So a
spyware program that is on your system without your consent may be using more than you
knew about and intended to use. Some programs may also have thread jumpers that
reprioritize the current running processesin an attempt to have their program running at a
stronger, more stable thread.

3
The Effects of Spyware

Does spyware interfere with use of the Internet or programs on personal
computers? If so, how?

If a hijacker is present on a system, a user will not be able to run proper search queries. The
user will not be able to modify their personal computers Internet Explorer settings without
removing of the infection.

Spyware can block access to websites by interfering with normal browser functionality.

Certain types of adware with present undesired advertising in the form of pop ups.
These programs present new targets for the spread of viruses, in the same way that other
network-enabled applications may be exploited by hackers.

Some forms o